Merge pull request #64745 from risicle/ris-squid-CVE-2019-13345-r19.03

[r19.03] squid, squid4: add patches fixing CVE-2019-13345
NixOS · Jul 15, 2019 · 0d0cb24 · 0d0cb24
2 parents f4fcdac + db68273
commit 0d0cb24
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 2 deletions.
diff --git a/pkgs/servers/squid/4.nix b/pkgs/servers/squid/4.nix
@@ -1,5 +1,5 @@
 { stdenv, fetchurl, perl, openldap, pam, db, cyrus_sasl, libcap
-, expat, libxml2, openssl }:
+, expat, libxml2, openssl, fetchpatch }:
 
 stdenv.mkDerivation rec {
   name = "squid-4.4";
@@ -9,6 +9,14 @@ stdenv.mkDerivation rec {
     sha256 = "10pfx44mps5ng1806rqdwx8jv8b2n25kjvx37dcd4x2mgzdfc1a9";
   };
 
+  patches = [
+    (fetchpatch {
+      name = "4.x-CVE-2019-13345.patch";
+      url = "https://github.com/squid-cache/squid/commit/be1dc8614e7514103ba84d4067ed6fd15ab8f82e.patch";
+      sha256 = "0vqbnkib695xk5cvldrh993k8387rpghxw3x94la8mq3w7lga9m3";
+    })
+  ];
+
   buildInputs = [
     perl openldap db cyrus_sasl expat libxml2 openssl
   ] ++ stdenv.lib.optionals stdenv.isLinux [ libcap pam ];

diff --git a/pkgs/servers/squid/default.nix b/pkgs/servers/squid/default.nix
@@ -1,5 +1,5 @@
 { stdenv, fetchurl, perl, openldap, pam, db, cyrus_sasl, libcap
-, expat, libxml2, openssl }:
+, expat, libxml2, openssl, fetchpatch }:
 
 stdenv.mkDerivation rec {
   name = "squid-3.5.28";
@@ -9,6 +9,14 @@ stdenv.mkDerivation rec {
     sha256 = "1n4f55g56b11qz4fazrnvgzx5wp6b6637c4qkbd1lrjwwqibchgx";
   };
 
+  patches = [
+    (fetchpatch {
+      name = "3.5-CVE-2019-13345.patch";
+      url = "https://github.com/squid-cache/squid/commit/5730c2b5cb56e7639dc423dd62651c8736a54e35.patch";
+      sha256 = "0955432g9a00vwxzcrwpjzx6vywspx1cxhr7bknr7jzbzam5sxi3";
+    })
+  ];
+
   buildInputs = [
     perl openldap db cyrus_sasl expat libxml2 openssl
   ] ++ stdenv.lib.optionals stdenv.isLinux [ libcap pam ];